<?php

namespace fztadmin\behaviors;

use common\models\db\AdminMenu;
use common\models\db\AdminPower;
use common\models\db\AdminRoute;
use common\models\db\User;
use yii\filters\AccessControl;
use yii\web\ForbiddenHttpException;

/**
 * Access filter that adds a per-route permission check on top of the
 * rule-based decision made by the parent AccessControl filter.
 *
 * Order of checks in beforeAction():
 *   1. the parent filter must allow the action;
 *   2. an authenticated identity must be present;
 *   3. identities flagged is_admin_super pass without any route check;
 *   4. every other identity must pass User::canRoute() for the requested route.
 *
 * NOTE(review): step 3 is an unconditional bypass, so anything able to set
 * is_admin_super on a user record effectively grants every route.
 */
class RBAC extends AccessControl
{
    /**
     * Routes listed as exempt from the permission check.
     *
     * NOTE(review): beforeAction() below never reads this list; presumably it
     * is consulted elsewhere (for example inside User::canRoute()) - confirm.
     * The property is public static, so any code in the process can alter it.
     */
    public static $ignoreCheckRoutes = [
        '/user/center/index',
        '/user/center/bind-new-card',
        '/user/center/bind-new-card-check',
        '/user/center/set-settlement-card',
        '/user/center/update-mobile',
        '/user/center/update-local-mobile',
        '/user/center/update-password',
        '/user/center/update-pay-password',
        '/ajax/plat/custom-money-inquiry', // customer balance inquiry
    ];

    /**
     * Routes grouped under the "/custom" prefix.
     *
     * NOTE(review): not referenced inside this class; the name suggests routes
     * that require a selected customer, but that is not visible here - confirm
     * against the code that reads it. Public static, hence writable at runtime.
     */
    public static $mustHasCustomUseRoutes = [
        '/custom',
        '/custom/fund-transaction-details/index',
        '/custom/fund-transaction-details/index11',
        '/custom/fund-transaction-details/index12',
    ];

    /**
     * Runs the parent access rules, then enforces the per-route permission.
     *
     * @param mixed $action the action about to run; its controller's route is
     *                      what gets authorised
     * @return bool true when the action may proceed, false when the parent
     *              filter rejected it
     * @throws ForbiddenHttpException when there is no identity, or when the
     *                                identity is not permitted on the route
     */
    public function beforeAction($action)
    {
        // The parent filter has the first say; a rejection there ends the check.
        if (!parent::beforeAction($action)) {
            return false;
        }

        /** @var User $identity */
        $identity = \Yii::$app->user->identity;

        // No identity: refuse rather than fall through to the route check.
        if (!$identity) {
            throw new ForbiddenHttpException("没有找到用户或你已被删除");
        }

        // Super administrators are never checked against individual routes.
        if ($identity->is_admin_super) {
            return true;
        }

        // The route is passed with a leading slash, the same form used by the
        // route lists declared on this class.
        $requestedRoute = "/{$action->controller->route}";
        if (!$identity->canRoute($requestedRoute)) {
            throw new ForbiddenHttpException("你没有访问权限");
        }

        return true;
    }
}